GDPR Policy
Privacy Policy and Personal Data Protection Notice
Version: 1.0
Date of entry into force: 01.03.2026
Last reviewed: 01.03.2026
1. Legal Framework
This Privacy Policy and Personal Data Protection Notice (hereinafter "Policy") has been established in conformity with and pursuant to the following legislative and regulatory instruments:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter "the General Data Protection Regulation" or "GDPR");
- Romanian Law No. 190 of 18 July 2018 on measures for the implementation of Regulation (EU) 2016/679;
- Romanian Law No. 506 of 17 November 2004 on the processing of personal data and the protection of privacy in the electronic communications sector;
- Decisions, guidelines, and recommendations issued by the National Supervisory Authority for Personal Data Processing (ANSPDCP).
2. Identity and Contact Details of the Data Controller
The data controller responsible for the processing of personal data collected via this website is:
| Legal name | STARC4SYS SRL |
| Registered office | 9 Ion Crețescu St., Zipcode 060139, 6th sector, Bucharest, Romania |
| Registration number | J40/3108/2013 |
| VAT number | 31340215 |
| Email address | contact@starc4sys.ro |
| Telephone number | +40 314 250 973 |
| Website | https://www.starc4sys.ro |
3. Definitions
- "Personal data" means any information relating to an identified or identifiable natural person;
- "Processing" means any operation or set of operations performed on personal data;
- "Controller" means the natural or legal person that determines the purposes and means of the processing;
- "Processor" means a natural or legal person that processes personal data on behalf of the controller;
- "Consent" means any freely given, specific, informed and unambiguous indication of the data subject's wishes;
- "Cookies" means small text files stored on the user's terminal equipment through a web browser.
4. Categories of Personal Data Processed and Sources Thereof
4.1 Data Collected Automatically via Technical Infrastructure
- Internet Protocol (IP) address of the visitor's device;
- Date, time, and duration of the visit;
- Uniform Resource Locator (URL) of the page visited;
- Type and version of the web browser and operating system used;
- HTTP status codes returned;
- Volume of data transferred.
4.2 Data Communicated Voluntarily via Contact Forms
- Full name;
- Electronic mail address;
- Telephone number (where provided);
- Any other personal data contained in the free-text message field.
4.3 Data Associated with Cookies and Similar Technologies
The website may process data associated with cookies, web beacons, or similar tracking technologies.
5. Purposes and Legal Bases for Processing
| Processing Purpose | Legal Basis (Art. 6 GDPR) |
|---|---|
| Operation, security, and maintenance of the website infrastructure | Art. 6(1)(f) – Legitimate interests |
| Responding to enquiries submitted via the contact form | Art. 6(1)(b) – Pre-contractual steps / Art. 6(1)(f) – Legitimate interests |
| Statistical analysis and performance optimisation of the website | Art. 6(1)(f) – Legitimate interests |
| Storage of cookies essential to website functionality | Art. 6(1)(f) – Legitimate interests |
| Storage of non-essential cookies (analytics, preferences) | Art. 6(1)(a) – Consent |
| Compliance with legal obligations | Art. 6(1)(c) – Legal obligation |
| Establishment, exercise, or defence of legal claims | Art. 6(1)(f) – Legitimate interests |
6. Data Retention Periods
| Category of Data | Retention Period |
|---|---|
| Server access logs | Maximum 12 months |
| Contact form correspondence | 3 years from the date of the last interaction |
| Consent records (cookie consent logs) | 1 year from the date of consent |
| Analytics data | Not exceeding 26 months |
| Data retained pursuant to legal obligation | As required by applicable law |
7. Recipients and Transfers of Personal Data
7.1 Categories of Recipients
- Web hosting and infrastructure service providers;
- Web analytics service providers;
- Electronic mail service providers;
- Public authorities and law enforcement agencies;
- Legal advisors and courts.
STARC4SYS SRL shall not sell, rent, or otherwise commercially transfer personal data to third parties.
7.2 Transfers to Third Countries
Where any service provider engages in processing personal data in a country outside the European Economic Area (EEA), appropriate safeguards are in place in accordance with Article 46 GDPR, including Standard Contractual Clauses.
8. Cookies and Similar Technologies
8.1 Classification of Cookies Used
- Strictly necessary cookies – Essential to the functioning of the website, do not require prior consent.
- Functional cookies – Enable the website to remember user preferences, set only upon consent.
- Analytics and performance cookies – Collect information about how visitors use the website, anonymised data.
- Marketing and targeting cookies – Not deployed on this website.
8.2 Management of Cookie Preferences
Upon first accessing the website, users are presented with a cookie consent banner. Cookie preferences may be modified at any time via the cookie settings panel.
9. Rights of Data Subjects
Pursuant to Chapter III of the GDPR, data subjects are entitled to exercise the following rights:
- Right of Access (Article 15 GDPR) – Right to obtain confirmation as to whether personal data are being processed and access to such data.
- Right to Rectification (Article 16 GDPR) – Right to obtain rectification of inaccurate personal data.
- Right to Erasure (Article 17 GDPR) – Right to obtain erasure of personal data ("Right to be Forgotten").
- Right to Restriction of Processing (Article 18 GDPR) – Right to obtain restriction of processing.
- Right to Data Portability (Article 20 GDPR) – Right to receive personal data in a structured, commonly used format.
- Right to Object (Article 21 GDPR) – Right to object to processing based on legitimate interests.
- Right to Withdraw Consent (Article 7(3) GDPR) – Right to withdraw consent at any time.
9.1 Exercise of Rights — Procedure
Requests for the exercise of any of the above rights shall be addressed to STARC4SYS SRL:
- By electronic mail to: contact@starc4sys.ro
- By postal correspondence to the registered office
The controller shall provide information within one month of receipt of the request.
10. Security of Personal Data
STARC4SYS SRL implements appropriate technical and organisational measures including:
- Use of encrypted connections (HTTPS/TLS);
- Access control measures restricting access to authorised personnel;
- Regular security assessments;
- Pseudonymisation and anonymisation of data;
- Regular testing, assessing, and evaluating of security measures.
In the event of a personal data breach, STARC4SYS shall notify the ANSPDCP within 72 hours of becoming aware of the breach.
11. Supervisory Authority — Right to Lodge a Complaint
Data subjects have the right to lodge a complaint with:
Autoritatea Națională pentru Supravegherea Prelucrării Datelor cu Caracter Personal (ANSPDCP)
Address: B-dul General Gheorghe Magheru nr. 28-30, Sector 1, 010336 Bucharest, Romania
Telephone: +40 318 059 211
Email: anspdcp@dataprotection.ro
Website: https://www.dataprotection.ro
12. Third-Party Links
This website may contain hyperlinks to external websites operated by third parties. This Policy does not apply to such third-party websites.
13. Amendments to this Policy
STARC4SYS SRL reserves the right to amend or update this Policy at any time. Any material amendments shall be brought to the attention of visitors by means of a prominent notice on the website.
14. Applicable Law and Jurisdiction
This Policy is governed by the law of Romania and applicable European Union law. Any dispute shall be submitted to the competent courts of Romania.